The story of a stolen domain

In a country known to all, there lived a simple webmaster, Dmitry (syno66). Dmitry had a project on the Internet that helped people solve their problems, and thereby fed Dmitry and his family.

For two years Dmitry invested money in this project: a semantic core was ordered, articles were written, and traffic from search engines gradually grew.

Dmitry was happy to have his own online business, and his family was fed and clothed…

Initially, the domain of his project was registered through the company Infobox.ru. But then Dmitry decided that all his domains ought to be migrated to a well-known and respected registrar, and the company chosen as registrar was REG.RU.

The move was successfully completed on 18 July 2017.

A little more than 4 months passed…

One frosty December Saturday morning, the following letter arrives in Dmitry's mail:
And since Dmitry was an exemplary family man with a well-organized business, on Saturday mornings he liked to sleep in, in the arms of his wife. So he saw this letter only during the day.

And he had only just started to think about what was actually going on when a second letter arrived:
At this point Dmitry broke into a sweat and, breaking furniture in his path, rushed frantically to open his REG.RU account.

And when he did not see the project's domain in the list of domains, the situation became clear. Someone had quite brazenly stolen his website, and had even transferred all of the owner's rights to themselves!
What would you do at this moment in Dmitry's place?

First, of course, you would check what had happened to the website. It turned out that the site redirected to a fake website on a similar domain, with third-party advertising on it. They work fast…
Second, you would start writing to REG.RU support to find out how a domain can simply be moved to another account without permission from the owner. How is that even possible?

Dmitry wrote a letter to support, plus made a follow-up call, and got this in response:

To say that Dmitry was confused would be a gross understatement. Dmitry was in shock.

How the hell can someone become the administrator of another person's domain without any confirmation, and why does such a reliable and respected service make this technically feasible, even if an account was hacked?

Gathering his thoughts, Dmitry brought in his technical assistants, and they began to dig deeper into the subject.

And they found the following very interesting terms of service for REG.RU domain names in international zones (in particular, in the .net zone):

Dmitry and his assistants puzzled over this for a long time…

So it is enough to crack the email of the service user (to recover the administrator password) or the service account itself, and you can then change the administrator on all domains in international zones yourself? And nothing happens to you for it? And this is somehow intended to improve the protection of domain names?

There are even detailed instructions on how to do it.

Having digested this information, Dmitry then began to correspond with support. However, the correspondence was short-lived…

Then Dmitry received a letter by mail:

Dmitry's reaction was predictable…

What??? What the hell, 5 working days??? This is a matter of hours, while the domain has not yet been sold, plus the business is taking losses every day…

But support firmly said on the phone that it was the weekend, that the legal department would come in on Monday and consider the application in turn, and that unfortunately nothing could be sped up…

So Dmitry took matters into his own hands and wrote to the already-known email address of the man who had unexpectedly become the new owner of the domain. And the man responded!

What a good business model, isn’t it?

Steal a site and then sell it back to the owner. Few people earn 700,000 rubles so easily…

Dmitry was very far from legal knowledge, but he realized that such correspondence (in addition to the theft itself and article 272 of the criminal code) also falls under article 163 of the criminal code:

So, as a good citizen, he did not start gathering the money, and on Sunday simply went to the nearest police station and filed a report with all the screenshots attached.

A copy of the report was sent to REG.RU support, in addition to the application that went to the legal department.

How did it end? Was the domain returned? What about the attacker? That is not yet known, as this article is being written on Sunday evening, immediately after the report was filed.
But if it gets a positive rating and there are many requests in the comments, we will publish a second part of the article, which will tell how it all ended.

Let's hope that it will be a story with a happy ending…

Taking this opportunity, the hero of the story, Dmitry syno66, was invited to Habr.

Update from 04.12.2017 10:00:

Update from 04.12.2017 16:00: Official comment from reg.ru. The domain has been returned to its original NS records, and the site is working again. However, for now the domain remains on a different account until the end of the proceedings. All actions with the domain are suspended for 60 days.